Here you can use Wss4jSecurityInterceptor - an EndpointInterceptor
which can be used to perform security operations on request messages (of course before calling the Endpoint)
<bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<property name="validationActions" value="UsernameToken Encrypt" />
</bean>